
COULD SOMEONE SEE IF I'M BUG FREE???



Could someone check my following logs to see if my system looks clean... I run Norton 360, and even though everything was up to date, I received the green screen and box saying I was infected. I have run ComboFix and Malwarebytes twice...

I have uploaded all log files from ALL sweeps... but have only posted the last two...

Thanks...

ComboFix 10-01-15.05 - HP_Administrator 01/17/2010 8:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1339 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

.

((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))

.

2010-01-16 17:49 . 2010-01-16 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-01-16 16:51 . 2010-01-16 16:51 -------- d-----w- c:\program files\InCode Solutions

2010-01-16 14:59 . 2010-01-16 14:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2010-01-16 14:28 . 2010-01-17 13:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-16 12:58 . 2010-01-16 12:58 -------- d-----r- c:\documents and settings\HP_Administrator\Application Data\Brother

2010-01-16 00:41 . 2010-01-16 00:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ

2010-01-15 22:22 . 2010-01-15 22:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-15 22:20 . 2010-01-15 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-01-15 22:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 22:20 . 2010-01-15 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-15 22:20 . 2010-01-16 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 22:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-15 20:49 . 2010-01-15 20:49 -------- d-----w- c:\program files\MSSOAP

2010-01-15 20:48 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll

2010-01-15 20:48 . 2010-01-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2010-01-15 20:48 . 2010-01-15 20:48 -------- d-----w- c:\program files\Webroot

2010-01-15 20:48 . 2010-01-15 20:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Webroot

2010-01-15 20:35 . 2010-01-15 20:35 164 ----a-w- c:\windows\install.dat

2010-01-15 19:10 . 2010-01-16 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure

2010-01-15 19:09 . 2010-01-15 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE

2010-01-15 18:55 . 2010-01-15 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-15 18:51 . 2010-01-15 18:51 53248 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe

2010-01-15 17:25 . 2010-01-15 17:25 -------- d-----w- c:\program files\Enigma Software Group

2010-01-15 15:10 . 2010-01-15 15:10 0 ----a-w- c:\windows\Txuzozik.bin

2010-01-15 15:10 . 2010-01-15 21:39 120 ----a-w- c:\windows\Mtiritihumen.dat

2010-01-13 23:39 . 2005-06-06 16:29 110592 ----a-w- c:\documents and settings\HP_Administrator\Application Data\U3\temp\cleanup.exe

2010-01-13 23:38 . 2010-01-13 23:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3

2010-01-13 14:01 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-12 12:05 . 2010-01-12 12:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hemera

2010-01-12 11:54 . 2010-01-12 11:54 -------- d-----w- c:\program files\ClickArt

2009-12-26 02:17 . 2009-12-26 02:17 -------- d-----w- c:\windows\system32\ENU

2009-12-26 02:17 . 2006-03-09 13:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe

2009-12-26 02:15 . 2009-12-26 02:15 -------- d-----w- c:\program files\ATI Technologies

2009-12-26 02:01 . 2006-07-19 02:05 520192 ------w- c:\windows\system32\ati2sgag.exe

2009-12-26 01:00 . 2009-12-26 03:59 -------- d-----w- c:\program files\DVDFab 5

2009-12-25 13:21 . 2009-12-25 13:21 -------- d-----w- C:\SystemRoot

2009-12-25 12:54 . 2010-01-01 05:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2009-12-25 12:54 . 2009-12-25 12:54 -------- d-----w- c:\windows\Hewlett-Packard

2009-12-24 21:44 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

2009-12-20 15:28 . 2010-01-17 13:21 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AskToolbar

2009-12-20 15:14 . 2009-12-20 15:14 -------- d-----w- c:\program files\Ask.com

2009-12-20 15:09 . 2009-12-20 15:09 -------- d-----w- c:\program files\Avery

2009-12-20 14:42 . 2009-12-20 14:42 -------- d-----w- c:\program files\Avery Dennison

2009-12-20 14:42 . 2009-12-20 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avery

2009-12-19 12:56 . 2009-12-19 12:56 2516204 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\Download\SetupR12.exe

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\spherion.dll

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\ron.dll

2009-12-19 12:56 . 2009-12-19 12:56 143360 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\njn.dll

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\nettemps.dll

2009-12-19 12:56 . 2009-12-19 12:56 176128 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\monster.dll

2009-12-19 12:55 . 2009-12-19 12:55 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\hotjobs.dll

2009-12-19 12:55 . 2009-12-19 12:55 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\employmentguide.dll

2009-12-19 12:55 . 2009-12-19 12:55 126976 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\dice.dll

2009-12-19 12:55 . 2009-12-19 12:55 126976 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\careerbuilder.dll

2009-12-19 12:55 . 2009-12-19 12:55 122880 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\simplyhired.dll

2009-12-19 12:55 . 2009-12-19 12:55 139264 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\indeed.dll

2009-12-19 12:54 . 2009-12-19 12:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Individual Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-17 13:44 . 2006-03-12 14:18 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-16 01:24 . 2009-11-26 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-15 06:46 . 2009-11-26 02:48 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe

2010-01-14 08:22 . 2006-03-12 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-01-12 12:05 . 2006-03-12 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-09 22:22 . 2009-11-26 05:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso

2010-01-09 22:22 . 2009-11-26 05:35 -------- d-----w- c:\program files\DVDFab 6

2009-12-25 12:54 . 2006-03-12 13:42 -------- d-----w- c:\program files\HP

2009-12-25 12:54 . 2006-03-12 13:58 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-24 21:01 . 2009-12-11 22:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic

2009-12-20 15:13 . 2006-03-12 13:51 884872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-19 14:27 . 2009-12-15 02:28 -------- d-----w- c:\program files\ResumeMaker

2009-12-15 03:42 . 2009-12-15 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Roxio

2009-12-15 02:53 . 2009-12-15 02:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio

2009-12-15 02:42 . 2009-12-15 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2009-12-15 02:38 . 2009-12-15 02:30 -------- d-----w- c:\program files\Creative

2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software

2009-12-15 02:20 . 2009-12-15 02:13 -------- d-----w- c:\program files\Roxio

2009-12-15 02:20 . 2006-03-12 13:54 -------- d-----w- c:\program files\Sonic

2009-12-15 02:20 . 2006-03-12 13:46 -------- d-----w- c:\program files\Common Files\Sonic Shared

2009-12-15 02:19 . 2009-12-15 02:13 -------- d-----w- c:\program files\Common Files\Roxio Shared

2009-12-15 02:19 . 2006-03-12 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2009-12-15 02:11 . 2009-12-15 02:11 -------- d-----w- c:\program files\DivX

2009-12-14 03:26 . 2009-12-13 16:11 505245 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe

2009-12-13 16:11 . 2009-12-13 16:11 -------- d-----w- c:\program files\Common Files\Scanner

2009-12-13 16:10 . 2009-11-26 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-12-13 16:10 . 2009-11-26 02:45 -------- d-----w- c:\program files\Common Files\AOL

2009-12-12 20:14 . 2009-12-11 21:47 -------- d-----w- c:\program files\Bing Bar Installer

2009-12-12 20:14 . 2009-12-12 20:14 -------- d-----w- c:\program files\MSN Toolbar

2009-12-11 23:03 . 2009-12-11 23:03 -------- d-----w- c:\program files\Norton Security Scan

2009-12-11 23:03 . 2009-11-27 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-11 23:03 . 2009-11-27 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-04 00:18 . 2009-11-27 02:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!

2009-12-02 15:53 . 2006-03-12 13:54 -------- d-----w- c:\program files\WildTangent

2009-11-30 13:11 . 2009-11-30 13:11 -------- d-----w- c:\program files\MSBuild

2009-11-30 13:11 . 2009-11-30 13:11 -------- d-----w- c:\program files\Reference Assemblies

2009-11-28 19:35 . 2009-11-28 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk

2009-11-27 20:21 . 2006-03-12 14:01 -------- d-----w- c:\program files\Microsoft Works

2009-11-27 20:17 . 2009-11-26 14:31 -------- d-----w- c:\program files\Microsoft SQL Server

2009-11-27 19:39 . 2009-11-25 20:14 -------- d-----w- c:\program files\Norton 360 Premier Edition

2009-11-27 18:47 . 2009-11-26 02:46 -------- d-----w- c:\program files\America Online 9.0

2009-11-27 08:14 . 2009-11-27 08:14 -------- d-----w- c:\program files\MSXML 6.0

2009-11-27 05:26 . 2009-11-27 05:26 -------- d-----w- c:\program files\NortonInstaller

2009-11-27 02:49 . 2009-11-27 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-11-27 02:42 . 2009-11-27 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-11-27 02:42 . 2009-11-27 02:32 -------- d-----w- c:\program files\Yahoo!

2009-11-27 02:27 . 2009-11-27 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-11-27 02:27 . 2009-11-27 02:27 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-27 02:21 . 2009-11-27 02:21 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-27 02:17 . 2009-11-27 02:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2009-11-27 02:16 . 2009-11-27 02:16 -------- d-----w- c:\program files\NOS

2009-11-26 16:56 . 2009-11-26 16:56 801 ----a-w- c:\windows\unins001.dat

2009-11-26 16:56 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe

2009-11-26 16:56 . 2009-11-26 16:56 -------- d-----w- c:\program files\Anark

2009-11-26 16:56 . 2009-11-26 16:56 -------- d-----w- c:\program files\Temp

2009-11-26 16:33 . 2009-11-26 16:33 -------- d-----w- c:\program files\Microsoft

2009-11-26 16:33 . 2009-11-26 16:33 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-26 14:41 . 2009-11-26 14:41 -------- d-----w- c:\program files\Microsoft Small Business

2009-11-26 14:38 . 2009-11-26 14:02 -------- d-----w- c:\program files\Microsoft.NET

2009-11-26 13:07 . 2009-11-26 13:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch

2009-11-26 05:40 . 2009-11-26 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-26 05:34 . 2009-11-26 05:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Smith Micro

2009-11-26 05:31 . 2009-11-26 05:31 -------- d-----w- c:\program files\Novatel Wireless

2009-11-26 05:31 . 2009-11-26 05:31 -------- d-----w- c:\program files\Verizon Wireless

2009-11-26 04:49 . 2009-11-26 04:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM

2009-11-26 04:09 . 2009-11-26 04:09 34 ----a-w- c:\windows\system32\bd4040cn.dat

2009-11-26 04:09 . 2009-11-26 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

2009-11-26 03:47 . 2009-11-26 03:47 -------- d-----w- c:\program files\MSXML 4.0

2009-11-26 03:40 . 2009-11-26 03:39 -------- d-----w- c:\windows\Fonts\Corel

2009-11-26 03:38 . 2009-11-26 03:38 -------- d-----w- c:\windows\Fonts\CorelReq

2009-11-26 03:30 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage

2009-11-26 03:25 . 2009-11-26 03:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Microsoft Web Folders

2009-11-26 03:20 . 2009-11-26 03:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech

2009-11-26 03:19 . 2009-11-26 03:19 -------- d-----w- c:\program files\EPSON Software

2009-11-26 03:16 . 2009-11-26 03:13 -------- d-----w- c:\program files\EPSON

2009-11-26 03:15 . 2009-11-26 03:15 -------- d-----w- c:\program files\EPSON Print CD

2009-11-26 03:11 . 2009-11-26 03:11 -------- d-----w- c:\program files\Brownie

2009-11-26 03:11 . 2009-11-26 03:11 -------- d-----w- c:\program files\Brother

2009-11-26 03:08 . 2009-11-26 03:08 -------- d-----w- c:\program files\hp deskjet 5550 series

2009-11-26 02:53 . 2009-11-26 02:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller

2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AOL

2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\You've Got Pictures Screensaver

2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\program files\Common Files\Nullsoft

2009-11-26 02:47 . 2009-11-26 02:46 -------- d-----w- c:\program files\Common Files\aolshare

2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\program files\QuickTime

2009-11-26 02:47 . 2009-11-26 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime

2009-11-26 02:46 . 2009-11-26 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-11-26 02:46 . 2009-11-26 02:46 -------- d-----w- c:\program files\Viewpoint

2009-11-26 02:46 . 2009-11-26 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks

2009-11-26 02:46 . 2009-11-26 02:46 -------- d-----w- c:\program files\Pure Networks

2009-11-26 02:46 . 2009-11-26 02:46 -------- d-----w- c:\program files\Common Files\AolCoach

2009-11-26 02:45 . 2009-11-26 02:45 335 ----a-w- c:\windows\nsreg.dat

2009-11-25 22:00 . 2009-11-25 20:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Symantec

2009-11-25 21:26 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-11-25 20:40 . 2009-11-25 20:14 -------- d-----w- c:\program files\Symantec

2009-11-25 20:40 . 2009-11-25 20:14 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2009-11-25 20:40 . 2009-11-25 20:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2006-05-27 22:06 . 2009-11-25 17:55 22 --sha-w- c:\windows\SMINST\HPCD.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-07-10 22:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]

"HostManager"="c:\program files\Common Files\AOL\1259203573\ee\AOLSoftware.exe" [2006-03-10 48280]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-26 98304]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]

"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-13 243032]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2009-11-26 1787184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-3-12 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1259203573\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 02:37 PM 149352]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/15/2010 03:51 PM 1201640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/25/2009 03:40 PM 102448]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]

R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [1/12/2004 04:51 PM 1252474]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 09:32 PM 23888]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-01-15 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 23:03]

2010-01-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 22:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: aol.com\free

Trusted Zone: trymedia.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-17 08:50

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6100)

c:\windows\system32\WININET.dll

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Webroot\WebrootSecurity\SpySweeper.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\common files\aol\1259203573\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.EXE

c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\hp\KBD\KBD.EXE

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

c:\windows\system\hpsysdrv.exe

c:\program files\Java\jre1.5.0_05\bin\jusched.exe

c:\program files\Webroot\WebrootSecurity\SSU.EXE

.

**************************************************************************

.

Completion time: 2010-01-17 08:51:27 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-17 13:51

ComboFix2.txt 2010-01-16 15:41

Pre-Run: 241,328,635,904 bytes free

Post-Run: 241,758,011,392 bytes free

- - End Of File - - B82F374C7CEE539ED7717685FBE64370

Malwarebytes' Anti-Malware 1.44

Database version: 3582

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/17/2010 12:35:46 PM

mbam-log-2010-01-17 (12-35-46).txt

Scan type: Full Scan (C:\|)

Objects scanned: 269367

Time elapsed: 1 hour(s), 22 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP94\A0019385.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP95\A0019513.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP96\A0019771.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP97\A0020175.sys (Malware.Trace) -> Quarantined and deleted successfully.

mbam_log_2010_01_17__12_35_46_.txt

ComboFix.txt

mbam_log_2010_01_15__19_00_11_.txt


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please use the Internet Explorer browser and click here to use the F-Secure Online Scanner.

  • Click Start Scanning.
  • You should get a notification bar (on top) to install the ActiveX control.
  • Click on it and select to install the ActiveX.
  • Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
  • In case you are having problems with installing the ActiveX/starting the scan, please read here.
  • Click the Full System Scan button.
  • It will start to download scanner components and databases. This can take a while.
  • The main scan will start.
  • Once the scan has finished, click the Automatic cleaning (recommended) button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • The cleaning can take a while, so please be patient.
  • Then click the Show report button and Copy/Paste what is present under results in your next reply.

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thanks for your reply,

Last night I could not get onto the web until I ran ComboFix... This morning I ran MBAM and it came up clean. I am posting and attaching the logs and moving on to the next steps that you suggested...

ComboFix 10-01-15.05 - HP_Administrator 01/21/2010 22:05:39.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1250 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: Norton 360 Premier Edition *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FW: Norton 360 Premier Edition *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

.

((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))

.

2010-01-21 03:01 . 2010-01-21 03:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Lunarsoft

2010-01-16 17:49 . 2010-01-16 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

2010-01-16 16:51 . 2010-01-16 16:51 -------- d-----w- c:\program files\InCode Solutions

2010-01-16 14:59 . 2010-01-16 14:59 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert

2010-01-16 14:28 . 2010-01-17 13:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-16 12:58 . 2010-01-16 12:58 -------- d-----r- c:\documents and settings\HP_Administrator\Application Data\Brother

2010-01-16 00:41 . 2010-01-16 00:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ

2010-01-15 22:22 . 2010-01-15 22:22 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-15 22:20 . 2010-01-15 22:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2010-01-15 22:20 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-15 22:20 . 2010-01-15 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-01-15 22:20 . 2010-01-16 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-15 22:20 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-15 20:49 . 2010-01-15 20:49 -------- d-----w- c:\program files\MSSOAP

2010-01-15 20:48 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll

2010-01-15 20:48 . 2010-01-15 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot

2010-01-15 20:48 . 2010-01-15 20:48 -------- d-----w- c:\program files\Webroot

2010-01-15 20:48 . 2010-01-15 20:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Webroot

2010-01-15 20:35 . 2010-01-15 20:35 164 ----a-w- c:\windows\install.dat

2010-01-15 19:10 . 2010-01-16 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure

2010-01-15 19:09 . 2010-01-15 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE

2010-01-15 18:55 . 2010-01-15 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-15 17:25 . 2010-01-15 17:25 -------- d-----w- c:\program files\Enigma Software Group

2010-01-15 15:10 . 2010-01-15 15:10 0 ----a-w- c:\windows\Txuzozik.bin

2010-01-15 15:10 . 2010-01-15 21:39 120 ----a-w- c:\windows\Mtiritihumen.dat

2010-01-13 23:39 . 2005-06-06 16:29 110592 ----a-w- c:\documents and settings\HP_Administrator\Application Data\U3\temp\cleanup.exe

2010-01-13 23:38 . 2010-01-13 23:39 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3

2010-01-13 14:01 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2010-01-12 12:05 . 2010-01-12 12:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hemera

2010-01-12 11:54 . 2010-01-12 11:54 -------- d-----w- c:\program files\ClickArt

2009-12-26 02:17 . 2009-12-26 02:17 -------- d-----w- c:\windows\system32\ENU

2009-12-26 02:17 . 2006-03-09 13:57 122880 ----a-w- c:\windows\system32\Imsmudlg.exe

2009-12-26 02:15 . 2009-12-26 02:15 -------- d-----w- c:\program files\ATI Technologies

2009-12-26 02:01 . 2006-07-19 02:05 520192 ------w- c:\windows\system32\ati2sgag.exe

2009-12-26 01:00 . 2009-12-26 03:59 -------- d-----w- c:\program files\DVDFab 5

2009-12-25 13:21 . 2009-12-25 13:21 -------- d-----w- C:\SystemRoot

2009-12-25 12:54 . 2010-01-01 05:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2009-12-25 12:54 . 2009-12-25 12:54 -------- d-----w- c:\windows\Hewlett-Packard

2009-12-24 21:44 . 2009-12-24 21:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PCHealth

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-22 03:14 . 2006-03-12 14:18 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-01-22 03:13 . 2009-11-26 16:33 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-16 01:24 . 2009-11-26 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-01-15 06:46 . 2009-11-26 02:48 4096 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\DialReg.exe

2010-01-14 08:22 . 2006-03-12 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-01-12 12:05 . 2006-03-12 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-09 22:22 . 2009-11-26 05:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso

2010-01-09 22:22 . 2009-11-26 05:35 -------- d-----w- c:\program files\DVDFab 6

2009-12-25 12:54 . 2006-03-12 13:42 -------- d-----w- c:\program files\HP

2009-12-25 12:54 . 2006-03-12 13:58 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-24 21:01 . 2009-12-11 22:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic

2009-12-20 15:14 . 2009-12-20 15:14 -------- d-----w- c:\program files\Ask.com

2009-12-20 15:13 . 2006-03-12 13:51 884872 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-20 15:09 . 2009-12-20 15:09 -------- d-----w- c:\program files\Avery

2009-12-20 14:42 . 2009-12-20 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avery

2009-12-20 14:42 . 2009-12-20 14:42 -------- d-----w- c:\program files\Avery Dennison

2009-12-19 14:27 . 2009-12-15 02:28 -------- d-----w- c:\program files\ResumeMaker

2009-12-19 12:56 . 2009-12-19 12:56 2516204 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\Download\SetupR12.exe

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\spherion.dll

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\ron.dll

2009-12-19 12:56 . 2009-12-19 12:56 143360 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\njn.dll

2009-12-19 12:56 . 2009-12-19 12:56 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\nettemps.dll

2009-12-19 12:56 . 2009-12-19 12:56 176128 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\monster.dll

2009-12-19 12:55 . 2009-12-19 12:55 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\hotjobs.dll

2009-12-19 12:55 . 2009-12-19 12:55 131072 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\employmentguide.dll

2009-12-19 12:55 . 2009-12-19 12:55 126976 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\dice.dll

2009-12-19 12:55 . 2009-12-19 12:55 126976 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\careerbuilder.dll

2009-12-19 12:55 . 2009-12-19 12:55 122880 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\simplyhired.dll

2009-12-19 12:55 . 2009-12-19 12:55 139264 ----a-w- c:\documents and settings\All Users\Application Data\Individual Software\ResumeMaker\R12\ResumeBanks\indeed.dll

2009-12-19 12:54 . 2009-12-19 12:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Individual Software

2009-12-15 03:42 . 2009-12-15 02:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Roxio

2009-12-15 02:53 . 2009-12-15 02:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio

2009-12-15 02:42 . 2009-12-15 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio

2009-12-15 02:38 . 2009-12-15 02:30 -------- d-----w- c:\program files\Creative

2009-12-15 02:28 . 2009-12-15 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software

2009-12-15 02:20 . 2009-12-15 02:13 -------- d-----w- c:\program files\Roxio

2009-12-15 02:20 . 2006-03-12 13:54 -------- d-----w- c:\program files\Sonic

2009-12-15 02:20 . 2006-03-12 13:46 -------- d-----w- c:\program files\Common Files\Sonic Shared

2009-12-15 02:19 . 2009-12-15 02:13 -------- d-----w- c:\program files\Common Files\Roxio Shared

2009-12-15 02:19 . 2006-03-12 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic

2009-12-15 02:11 . 2009-12-15 02:11 -------- d-----w- c:\program files\DivX

2009-12-14 03:26 . 2009-12-13 16:11 505245 ----a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe

2009-12-13 16:11 . 2009-12-13 16:11 -------- d-----w- c:\program files\Common Files\Scanner

2009-12-13 16:10 . 2009-11-26 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-12-13 16:10 . 2009-11-26 02:45 -------- d-----w- c:\program files\Common Files\AOL

2009-12-12 20:14 . 2009-12-11 21:47 -------- d-----w- c:\program files\Bing Bar Installer

2009-12-12 20:14 . 2009-12-12 20:14 -------- d-----w- c:\program files\MSN Toolbar

2009-12-11 23:03 . 2009-12-11 23:03 -------- d-----w- c:\program files\Norton Security Scan

2009-12-11 23:03 . 2009-11-27 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2009-12-11 23:03 . 2009-11-27 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-12-04 00:18 . 2009-11-27 02:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!

2009-12-02 15:53 . 2006-03-12 13:54 -------- d-----w- c:\program files\WildTangent

2009-11-30 13:11 . 2009-11-30 13:11 -------- d-----w- c:\program files\MSBuild

2009-11-30 13:11 . 2009-11-30 13:11 -------- d-----w- c:\program files\Reference Assemblies

2009-11-28 19:35 . 2009-11-28 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk

2009-11-27 20:21 . 2006-03-12 14:01 -------- d-----w- c:\program files\Microsoft Works

2009-11-27 20:17 . 2009-11-26 14:31 -------- d-----w- c:\program files\Microsoft SQL Server

2009-11-27 19:39 . 2009-11-25 20:14 -------- d-----w- c:\program files\Norton 360 Premier Edition

2009-11-27 18:47 . 2009-11-26 02:46 -------- d-----w- c:\program files\America Online 9.0

2009-11-27 08:14 . 2009-11-27 08:14 -------- d-----w- c:\program files\MSXML 6.0

2009-11-27 05:26 . 2009-11-27 05:26 -------- d-----w- c:\program files\NortonInstaller

2009-11-27 02:49 . 2009-11-27 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2009-11-27 02:42 . 2009-11-27 02:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-11-27 02:42 . 2009-11-27 02:32 -------- d-----w- c:\program files\Yahoo!

2009-11-27 02:27 . 2009-11-27 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-11-27 02:27 . 2009-11-27 02:27 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-27 02:21 . 2009-11-27 02:21 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-11-27 02:17 . 2009-11-27 02:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2009-11-27 02:16 . 2009-11-27 02:16 -------- d-----w- c:\program files\NOS

2009-11-26 16:56 . 2009-11-26 16:56 801 ----a-w- c:\windows\unins001.dat

2009-11-26 16:56 . 2002-02-10 07:00 72748 ----a-w- c:\windows\unins001.exe

2009-11-26 16:56 . 2009-11-26 16:56 -------- d-----w- c:\program files\Anark

2009-11-26 16:56 . 2009-11-26 16:56 -------- d-----w- c:\program files\Temp

2009-11-26 16:33 . 2009-11-26 16:33 -------- d-----w- c:\program files\Microsoft

2009-11-26 14:41 . 2009-11-26 14:41 -------- d-----w- c:\program files\Microsoft Small Business

2009-11-26 14:38 . 2009-11-26 14:02 -------- d-----w- c:\program files\Microsoft.NET

2009-11-26 13:07 . 2009-11-26 13:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinBatch

2009-11-26 05:40 . 2009-11-26 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon Wireless

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-26 05:35 . 2009-11-26 05:35 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys

2009-11-26 05:34 . 2009-11-26 05:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Smith Micro

2009-11-26 05:31 . 2009-11-26 05:31 -------- d-----w- c:\program files\Novatel Wireless

2009-11-26 05:31 . 2009-11-26 05:31 -------- d-----w- c:\program files\Verizon Wireless

2009-11-26 04:49 . 2009-11-26 04:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM

2009-11-26 04:09 . 2009-11-26 04:09 34 ----a-w- c:\windows\system32\bd4040cn.dat

2009-11-26 04:09 . 2009-11-26 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother

2009-11-26 03:47 . 2009-11-26 03:47 -------- d-----w- c:\program files\MSXML 4.0

2009-11-26 03:40 . 2009-11-26 03:39 -------- d-----w- c:\windows\Fonts\Corel

2009-11-26 03:38 . 2009-11-26 03:38 -------- d-----w- c:\windows\Fonts\CorelReq

2009-11-26 03:30 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage

2009-11-26 03:25 . 2009-11-26 03:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Microsoft Web Folders

2009-11-26 03:20 . 2009-11-26 03:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech

2009-11-26 03:19 . 2009-11-26 03:19 -------- d-----w- c:\program files\EPSON Software

2009-11-26 03:16 . 2009-11-26 03:13 -------- d-----w- c:\program files\EPSON

2009-11-26 03:15 . 2009-11-26 03:15 -------- d-----w- c:\program files\EPSON Print CD

2009-11-26 03:11 . 2009-11-26 03:11 -------- d-----w- c:\program files\Brownie

2009-11-26 03:11 . 2009-11-26 03:11 -------- d-----w- c:\program files\Brother

2009-11-26 03:08 . 2009-11-26 03:08 -------- d-----w- c:\program files\hp deskjet 5550 series

2009-11-26 02:53 . 2009-11-26 02:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MSNInstaller

2006-05-27 22:06 . 2009-11-25 17:55 22 --sha-w- c:\windows\SMINST\HPCD.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-07-10 22:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]

@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"

[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]

2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-28 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]

"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360 Premier Edition\osCheck.exe" [2008-02-26 988512]

"HostManager"="c:\program files\Common Files\AOL\1259203573\ee\AOLSoftware.exe" [2006-03-10 48280]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-26 98304]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]

"EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-13 243032]

"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-10-21 1687552]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-10-21 163840]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2009-11-26 1787184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-3-12 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1259203573\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 02:37 PM 149352]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/15/2010 03:51 PM 1201640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/25/2009 03:40 PM 102448]

R3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [1/12/2004 04:51 PM 1252474]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 09:32 PM 23888]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-11 21:54]

2010-01-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 22:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: aol.com\free

Trusted Zone: trymedia.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-21 22:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1116)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2756)

c:\windows\system32\WININET.dll

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\AOL\ACS\WLHook.dll

c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Webroot\WebrootSecurity\SpySweeper.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\America Online 9.0\waol.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.EXE

c:\program files\common files\aol\1259203573\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

c:\program files\DISC\DiscStreamHub.exe

c:\hp\KBD\KBD.EXE

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files\America Online 9.0\shellmon.exe

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\program files\ATI Technologies\ATI.ACE\cli.exe

c:\windows\system\hpsysdrv.exe

c:\program files\Java\jre1.5.0_05\bin\jusched.exe

.

**************************************************************************

.

Completion time: 2010-01-21 22:22:35 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-22 03:22

ComboFix2.txt 2010-01-17 13:51

ComboFix3.txt 2010-01-16 15:41

Pre-Run: 241,480,155,136 bytes free

Post-Run: 241,439,293,440 bytes free

- - End Of File - - 01CB5DB3E395EAB2DD3423814A3D1C4F

Malwarebytes' Anti-Malware 1.44

Database version: 3614

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/22/2010 06:16:14 AM

mbam-log-2010-01-22 (06-16-14).txt

Scan type: Quick Scan

Objects scanned: 134587

Time elapsed: 9 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix.txt

mbam_log_2010_01_22__06_16_14_.txt


Here is the log from F-Secure...

Scanning Report

Friday, January 22, 2010 06:45:24 - 09:46:02

Computer name: SALLY

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\ D:\ O:\ P:\

--------------------------------------------------------------------------------

2 malware found

TrackingCookie.2o7 (spyware)

System (Disinfected)

TrackingCookie.Atdmt (spyware)

System (Disinfected)

--------------------------------------------------------------------------------

Statistics

Scanned:

Files: 55568

System: 4766

Not scanned: 11

Actions:

Disinfected: 2

Renamed: 0

Deleted: 0

Not cleaned: 0

Submitted: 0

Files not scanned:

C:\PAGEFILE.SYS

C:\HIBERFIL.SYS

C:\WINDOWS\TEMP\~ROMFN_00000660

C:\WINDOWS\SYSTEM32\SSIEFR.EXE

C:\WINDOWS\SYSTEM32\WRLZMA.DLL

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\RECORDED TV\TEMPREC\TEMPSBE\MSDVRMM_1624122591_4980736_146146

--------------------------------------------------------------------------------

Options

Scanning engines:

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

Use advanced heuristics

--------------------------------------------------------------------------------

Copyright


  • Staff

I notice that you are using more than one antivirus program in resident mode (Norton and Webroot). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE malware to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterwards. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

Let me know what issues remain.

-screen317

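The staff advice above is to keep only one resident antivirus. One way to check what a machine actually has registered before and after the uninstall, as an added example that is not part of the thread and not code from the staff member or from ComboFix: query the Windows Security Center WMI classes and flag more than one product with on-access scanning turned on. It uses Get-WmiObject, so it needs Windows PowerShell (2.0 is the last version that installs on XP SP3). The `root\SecurityCenter` namespace and its `onAccessScanningEnabled` / `productUptoDate` properties are what XP exposes; the `root\SecurityCenter2` namespace on Vista and later packs the same state into `productState`, and the bit decoding used for it below is the commonly used, undocumented interpretation and is an assumption.

```powershell
# Added example, not from the thread: list antivirus products registered with
# Windows Security Center and flag more than one resident (on-access) scanner.
function Get-RegisteredAntivirus {
    $products = @()

    # Windows XP SP2/SP3: root\SecurityCenter exposes the flags as plain booleans.
    $xp = Get-WmiObject -Namespace 'root\SecurityCenter' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($p in @($xp)) {
        if ($p -eq $null) { continue }
        $products += New-Object PSObject -Property @{
            Name     = $p.displayName
            Resident = [bool]$p.onAccessScanningEnabled
            UpToDate = [bool]$p.productUptoDate
            Source   = 'root\SecurityCenter'
        }
    }

    # Vista and later: root\SecurityCenter2 packs the state into productState.
    # Assumption (commonly used, undocumented decoding): bit 0x1000 set means
    # real-time protection is on, bit 0x10 set means signatures are out of date.
    $v2 = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($p in @($v2)) {
        if ($p -eq $null) { continue }
        $state = [int]$p.productState
        $products += New-Object PSObject -Property @{
            Name     = $p.displayName
            Resident = (($state -band 0x1000) -ne 0)
            UpToDate = (($state -band 0x10) -eq 0)
            Source   = 'root\SecurityCenter2'
        }
    }
    return $products
}

# Prints one line per registered product and returns $false when more than one
# product has on-access scanning enabled (the situation the staff reply warns about).
function Test-SingleResidentAntivirus {
    param([object[]]$Products = (Get-RegisteredAntivirus))

    foreach ($p in $Products) {
        $flags = @()
        if ($p.Resident) { $flags += 'on-access ON' } else { $flags += 'on-access OFF' }
        if (-not $p.UpToDate) { $flags += 'OUT OF DATE' }
        Write-Host ('{0,-40} {1}' -f $p.Name, ($flags -join ', '))
    }

    $resident = @($Products | Where-Object { $_.Resident })
    if ($resident.Count -gt 1) {
        $names = ($resident | ForEach-Object { $_.Name }) -join '; '
        Write-Warning ('{0} resident scanners registered: {1}' -f $resident.Count, $names)
        return $false
    }
    return $true
}

Test-SingleResidentAntivirus
```

Run it from an administrator PowerShell prompt; it prints each registered product with its on-access and signature state and returns `$false` when two or more products claim real-time protection, which is the condition to resolve through Add or Remove Programs before relying on the scan results. Products that were uninstalled incorrectly can stay registered in Security Center, so a stale entry here after the uninstall is itself worth noting.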

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
